(BleepingComputer) BH_A006 is a heavily modified version of the {{Gh0st RAT}} backdoor, featuring many layers of obfuscation to bypass security protections and thwart analysis. Its features include network service creation, UAC bypassing, and shellcode unpacking and launching in the memory.
| TA0043 | TA0042 | TA0001 | TA0002 | TA0003 | TA0004 | TA0005 | TA0006 | TA0007 | TA0008 | TA0009 | TA0011 | TA0010 | TA0040 |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
| IP:Port | Timestamp |
|---|
| Domain | Timestamp |
|---|
| URL | Timestamp |
|---|
Tool: BH_A006
Names: BH_A006
Description: (BleepingComputer) BH_A006 is a heavily modified version of the {{Gh0st RAT}} backdoor, featuring many layers of obfuscation to bypass security protections and thwart analysis. Its features include network service creation, UAC bypassing, and shellcode unpacking and launching in the memory.
Category: Malware
Type: Reconnaissance, Backdoor, Keylogger, Info stealer
Information: https://www.bleepingcomputer.com/news/security/chinese-space-pirates-are-hacking-russian-aerospace-firms/
Information: https://www.ptsecurity.com/ru-ru/research/pt-esc-threat-intelligence/space-pirates-tools-and-connections/
Last-card-change: 2022-07-19
Source: https://apt.etda.or.th/cgi-bin/listtools.cgi
| TA0043 | TA0042 | TA0001 | TA0002 | TA0003 | TA0004 | TA0005 | TA0006 | TA0007 | TA0008 | TA0009 | TA0011 | TA0010 | TA0040 |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |